diTii.com Digital News Hub


Sep 05 2010

Essential Blog Security Using .htaccess File

This article discusses .htaccess rules that provide some security for your WordPress blog. You must add these rules to your root .htaccess file.

Blog Security Using .htaccess File

Protect .htaccess From Outside Access: This should be at the start of each and every root .htaccess file you ever create.

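# Protect the .htaccess file
# (Order/Deny are Apache 2.2 directives; on Apache 2.4 they need mod_access_compat, the native form is "Require all denied")
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>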

Protect wp-config.php From Unwanted Access:

# Protect wp-config.php
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>

Note that this rule can go in the .htaccess file in the same directory as the protected file, so not necessarily the root .htaccess.

Disable Directory Browsing:

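# Disable directory browsing
# (-Indexes on its own: Apache 2.4 rejects a mix of signed and unsigned options such as "All -Indexes")
Options -Indexes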

Protect From Spam Comments:

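# Protect from spam comments
# Redirects comment POSTs whose Referer is not YOURDOMAIN.com, or whose User-Agent is empty
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !YOURDOMAIN\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The target is a plain URL; regex anchors (^ and $) do not belong in the substitution
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]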

Prevent Hotlinking:

# Protect bandwidth
# Needs RewriteEngine On (set in the block above); requests with an empty Referer are let through
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://ANOTHERDOMAIN.com/nohotlinking.jpg [NC,R,L]

Your Own Shortlinks (in WordPress): Even if you’re using SEO-friendly permalinks, the WordPress default URL for posts and pages is still active, e.g. http://YOURDOMAIN.com/?p=123. You can use that to your advantage: this directive removes the need for the ?p= in the URL and gives you your own short URLs. For example, this post can be found at http://zemalf.com/1076

# BEGIN URL Shortening

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/([0-9]+)$
RewriteRule .* http://YOURDOMAIN.com/?p=%1 [R=301,L]

# END URL Shortening

Force Download (e.g. for mp3, PDFs, etc.):

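# Force download; the extensions are the examples named above, adjust as needed (Header needs mod_headers)
<FilesMatch "\.(mp3|pdf)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>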
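
As an added example (not part of the original article), this Python script checks from the outside that the first four rules are actually live on your own site. It assumes a standard WordPress layout with a /wp-content/uploads/ directory that has no index file; the function names and the check list are illustrative.

```python
import sys
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 301 instead of following it

def http_fetch(method, url, headers):
    """Default fetcher: (status, first 4 KiB of body), redirects not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method=method, headers=headers,
                                 data=b"" if method == "POST" else None)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.read(4096).decode("latin-1")
    except urllib.error.HTTPError as err:
        return err.code, ""

# (description, method, path, request headers, pass condition)
# /wp-content/uploads/ is assumed to exist and to have no index file.
CHECKS = [
    (".htaccess is not served", "GET", "/.htaccess", {},
     lambda status, body: status == 403),
    ("wp-config.php is not served", "GET", "/wp-config.php", {},
     lambda status, body: status == 403),
    ("directory listing is off", "GET", "/wp-content/uploads/", {},
     lambda status, body: "Index of /" not in body),
    ("comment POST without Referer is redirected", "POST",
     "/wp-comments-post.php", {}, lambda status, body: status == 301),
]

def audit(base_url, fetch=http_fetch):
    """Return the checks that failed; an empty list means every rule is active."""
    failures = []
    for desc, method, path, headers, passed in CHECKS:
        status, body = fetch(method, base_url.rstrip("/") + path, headers)
        if not passed(status, body):
            failures.append(f"{desc} (got HTTP {status})")
    return failures

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_htaccess.py http://YOURDOMAIN.com
    problems = audit(sys.argv[1])
    print("\n".join(problems) or "all checks passed")
    sys.exit(1 if problems else 0)
```

Run it after every .htaccess change: a rule that has lost its `<Files>` wrapper or sits in the wrong directory shows up here as a failed check rather than as a silent gap.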
